Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17e30daf-f11a-4af6-8f47-661a735a22e9.roa
File:                     17e30daf-f11a-4af6-8f47-661a735a22e9.roa (raw, json)
Hash identifier:          0AxDs4PO1Yp07dGyZoOFaRTL+fY8LGnMiui3wsD5WCY=
Subject key identifier:   FE:97:DD:41:93:A3:65:6B:ED:44:6B:EF:C4:4E:86:24:75:71:05:30
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       23A2B3079AF35C35954F3079021A01A72BC28749
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17e30daf-f11a-4af6-8f47-661a735a22e9.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:a2:b3:07:9a:f3:5c:35:95:4f:30:79:02:1a:01:a7:2b:c2:87:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3f:02:f6:c0:e1:50:2d:8f:0b:8f:dd:e1:5e:
                    44:94:13:63:c4:af:e6:6f:f8:d3:bb:85:f9:90:e8:
                    50:77:3c:08:5e:56:44:41:1a:da:54:72:29:1d:fb:
                    11:58:12:82:88:de:3b:66:3c:bd:a6:0e:8d:e2:87:
                    3b:96:47:be:15:6f:26:0f:c0:de:f1:db:e8:48:26:
                    17:8d:c8:cf:ae:db:23:d7:7e:68:6c:07:4e:09:d2:
                    d0:d9:9d:39:6f:d9:03:31:77:bd:80:b9:32:0f:36:
                    41:8c:d8:03:ea:64:02:61:71:91:cc:30:8c:a8:f7:
                    19:57:f9:9b:db:68:75:20:09:65:07:7f:b6:5e:70:
                    dc:b4:17:f8:16:0f:8f:11:bb:3f:c1:b9:6b:67:c2:
                    69:28:8c:f8:d6:e7:02:c1:dd:97:d7:29:9b:46:6b:
                    b9:b4:d4:cb:bb:99:c9:d2:a2:af:a6:eb:03:c5:36:
                    dd:bd:1d:f3:d2:ef:03:d3:99:6f:a8:24:c5:44:dd:
                    a2:63:95:bf:48:58:f6:8b:12:1d:39:54:92:e5:2c:
                    13:14:97:53:53:ae:d9:06:b0:8b:ae:49:8b:92:39:
                    6e:73:e2:9a:5a:64:43:85:b0:ad:01:17:a1:96:7b:
                    95:83:b0:c3:5d:41:cd:d4:b7:a3:32:79:42:7a:b5:
                    77:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:97:DD:41:93:A3:65:6B:ED:44:6B:EF:C4:4E:86:24:75:71:05:30
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17e30daf-f11a-4af6-8f47-661a735a22e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:76:e6:1f:6e:8b:c8:33:2d:8a:67:47:03:5b:ec:1a:3b:c7:
         96:52:1d:12:73:4d:c9:c7:03:82:7b:2a:6b:6f:89:7d:11:2e:
         21:35:67:1b:06:ad:2d:d3:56:aa:57:80:da:0f:b9:0c:7c:8b:
         cf:dd:42:f4:ab:22:97:b5:85:27:5b:65:13:c2:54:61:c6:a0:
         35:e2:03:68:90:14:21:21:53:58:e6:81:c2:f8:4d:c1:11:9d:
         42:3c:6d:9f:90:61:e0:5a:25:72:e9:84:62:cf:ac:ea:d3:b9:
         b2:53:0d:a7:35:ac:17:c3:28:19:51:a6:d5:de:96:8a:42:bd:
         b8:8d:f1:0b:6c:1e:9b:f1:75:c2:1d:d1:a9:5b:e7:23:61:81:
         ca:c7:be:32:24:d9:dd:51:81:a2:d3:81:7d:42:be:14:72:b1:
         5d:b8:e5:31:7f:a4:c0:47:18:ef:bc:2f:84:b9:7f:09:95:54:
         f7:90:e6:84:dd:5e:d3:00:37:58:3b:09:0e:7a:03:72:45:2e:
         d1:02:da:03:d0:78:a4:b9:3c:9f:62:6d:8d:c4:fb:05:e1:c2:
         5d:9b:ca:2a:fa:67:ab:19:40:55:92:82:88:95:b6:64:07:3f:
         b0:83:39:90:e9:61:53:94:b1:19:9c:bf:a7:54:83:b8:be:23:
         8d:d4:93:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI6KzB5rzXDWVTzB5AhoBpyvCh0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDNkZmY0MTBlNGE5NzUwYjUyNjBkZTdkOTlkMTJhNmQ1ZjdjNTVjNGJhNzY2
N2EyZGU0MDhhNmZiZmFlMmU1YjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKA/AvbA4VAtjwuP3eFeRJQTY8Sv5m/407uF+ZDoUHc8CF5WREEa2lRyKR37
EVgSgojeO2Y8vaYOjeKHO5ZHvhVvJg/A3vHb6EgmF43Iz67bI9d+aGwHTgnS0Nmd
OW/ZAzF3vYC5Mg82QYzYA+pkAmFxkcwwjKj3GVf5m9todSAJZQd/tl5w3LQX+BYP
jxG7P8G5a2fCaSiM+NbnAsHdl9cpm0ZrubTUy7uZydKir6brA8U23b0d89LvA9OZ
b6gkxUTdomOVv0hY9osSHTlUkuUsExSXU1Ou2Qawi65Ji5I5bnPimlpkQ4WwrQEX
oZZ7lYOww11BzdS3ozJ5Qnq1dykCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+l91B
k6Nla+1Ea+/EToYkdXEFMDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTdlMzBkYWYtZjExYS00YWY2LThmNDctNjYxYTczNWEyMmU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDCduYfbovIMy2KZ0cDW+waO8eWUh0Sc03JxwOC
eyprb4l9ES4hNWcbBq0t01aqV4DaD7kMfIvP3UL0qyKXtYUnW2UTwlRhxqA14gNo
kBQhIVNY5oHC+E3BEZ1CPG2fkGHgWiVy6YRiz6zq07myUw2nNawXwygZUabV3paK
Qr24jfELbB6b8XXCHdGpW+cjYYHKx74yJNndUYGi04F9Qr4UcrFduOUxf6TARxjv
vC+EuX8JlVT3kOaE3V7TADdYOwkOegNyRS7RAtoD0HikuTyfYm2NxPsF4cJdm8oq
+merGUBVkoKIlbZkBz+wgzmQ6WFTlLEZnL+nVIO4viON1JNh
-----END CERTIFICATE-----